
State-sponsored hackers can hide behind encrypted SSL traffic -expert


Here is a more detailed look at what government agencies should do to keep nation-state attackers at bay.

Decrypt and Inspect SSL Traffic

State-sponsored hackers can hide attacks in encrypted SSL traffic to evade detection. As a result, network security solutions, such as next-gen firewalls and intrusion prevention systems, need to be able to inspect all incoming and outgoing traffic for threats — not just the data that is sent in plain text. What you can’t see can hurt you. To ensure state-sponsored hackers do not bypass your security controls, decrypt and examine all traffic.

Below are five features for IT teams to consider when selecting an SSL inspection platform:

SSL performance: In addition to assessing current Internet bandwidth requirements, IT also must factor in SSL traffic growth and ensure the inspection platform can handle future SSL throughput requirements.

Compliance: To address regulatory requirements like HIPAA, Federal Information Security Management Act (FISMA) and Sarbanes-Oxley (SOX), an SSL inspection platform should be able to bypass sensitive traffic, like traffic to banking and health care sites.

Heterogeneous networks: IT should look for SSL inspection platforms that can decrypt outbound traffic to the Internet and inbound traffic to corporate servers with multiple, flexible deployment options. Additionally, the platforms should intelligently route traffic with traffic steering, granularly parse and control traffic based on custom-defined policies and integrate with a variety of security solutions from leading vendors.

Security infrastructure: SSL inspection platforms should not just offload SSL processing from security devices but also maximize the uptime and performance of those devices. It’s important the platforms can scale security deployments with load balancing, avoid network downtime by detecting and routing around failed security devices and support advanced health monitoring to rapidly identify network or application errors.
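The decrypt-or-bypass decision described above has to be made before a connection is decrypted, and the only cleartext hint available at that point is the server name (SNI) in the TLS ClientHello. The following example is added here for illustration and is not code from the article or from any vendor's inspection product: it parses the SNI out of a ClientHello record and applies a constructed bypass policy in which hosts categorised as "banking" or "healthcare" stay encrypted end to end while everything else is sent for decryption. The hostnames, categories and the minimal ClientHello builder are assumptions made for this example.

```python
import struct
from typing import Optional

# Constructed policy for the example: categories that compliance rules
# require to be left encrypted, and a tiny host-to-category map standing in
# for a real URL categorisation feed.
BYPASS_CATEGORIES = {"banking", "healthcare"}
CATEGORY_OF_HOST = {
    "bank.example": "banking",
    "clinic.example": "healthcare",
    "files.example": "file-sharing",
}


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a TLS ClientHello record, or None if absent."""
    try:
        # TLS record header: content type (1), version (2), length (2); 0x16 = handshake
        if len(record) < 5 or record[0] != 0x16:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        # Handshake header: msg type (1), length (3); 0x01 = ClientHello
        if len(hs) < 4 or hs[0] != 0x01:
            return None
        p = 4
        p += 2 + 32                                   # client_version + random
        sid_len = hs[p]; p += 1 + sid_len             # session_id
        cs_len = struct.unpack("!H", hs[p:p + 2])[0]; p += 2 + cs_len   # cipher_suites
        cm_len = hs[p]; p += 1 + cm_len               # compression_methods
        if p + 2 > len(hs):
            return None                               # no extensions block at all
        ext_len = struct.unpack("!H", hs[p:p + 2])[0]; p += 2
        end = p + ext_len
        while p + 4 <= end:
            ext_type, elen = struct.unpack("!HH", hs[p:p + 4]); p += 4
            body = hs[p:p + elen]; p += elen
            if ext_type == 0x0000:                    # server_name extension
                q = 2                                 # skip ServerNameList length
                while q + 3 <= len(body):
                    name_type = body[q]
                    nlen = struct.unpack("!H", body[q + 1:q + 3])[0]
                    q += 3
                    name = body[q:q + nlen]; q += nlen
                    if name_type == 0:                # 0 = host_name
                        return name.decode("ascii", errors="replace")
        return None
    except (IndexError, struct.error):
        return None                                   # truncated or malformed record


def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal ClientHello carrying only an SNI extension (demo input)."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
    exts = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + b"\x00" * 32      # client_version + random (zeros for the demo)
            + b"\x00"                       # empty session_id
            + b"\x00\x02\x13\x01"           # one cipher suite
            + b"\x01\x00"                   # null compression only
            + exts)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def inspection_decision(record: bytes) -> str:
    """'bypass' for compliance-exempt destinations, otherwise 'decrypt'."""
    host = extract_sni(record)
    if host is None:
        return "decrypt"          # nothing to classify on, so inspect it
    if CATEGORY_OF_HOST.get(host) in BYPASS_CATEGORIES:
        return "bypass"
    return "decrypt"


if __name__ == "__main__":
    for host in ("bank.example", "clinic.example", "files.example", "unknown.example"):
        print(host, "->", inspection_decision(build_client_hello(host)))
```

Connections with no SNI are sent for decryption rather than bypassed, so a client cannot opt out of inspection simply by omitting the extension; a production policy would also cross-check the SNI against the certificate the server actually presents.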

Web application data is an attractive target for state-sponsored hackers. Attackers have been known to exploit application vulnerabilities to gain access to Web servers or steal records from databases. One way agencies can protect against this is with a certified Web application firewall (WAF), which filters all application access by inspecting both the traffic toward the application and the response traffic from the application.

A WAF offers granular control of the application’s data flow and is capable of protecting against various attacks including SQL injection, cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks, among others. For instance, a WAF can prevent buffer overflow attacks by setting accepted maximum thresholds for aspects of HTTP requests and blocking requests that exceed the configured limits.
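The threshold-and-signature model just described is easy to see in miniature. The example below is added for illustration and is not the article's own code nor any particular WAF product: it applies constructed size limits to the URL, headers, parameters and body, runs a deliberately small signature set for SQL injection and cross-site scripting over every request field, and enforces an allowed-Origin check on state-changing methods as a CSRF control. The limits, origins and sample requests are all assumptions made for the demo.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Request-size thresholds (assumed values). A request exceeding any of them is
# rejected before the application parses it.
LIMITS = {
    "url_length": 2048,
    "header_count": 50,
    "header_value_length": 4096,
    "body_length": 1_000_000,
    "parameter_count": 100,
}

# Illustrative signatures only; real rule sets are far larger.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+'?1'?\s*=\s*'?1|;\s*drop\s+table)"),
    "xss": re.compile(r"(?i)(<\s*script|javascript:|\bon\w+\s*=)"),
}

# Origins permitted to issue state-changing requests (assumed for the example).
ALLOWED_ORIGINS = {"https://app.example"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    method: str
    url: str
    headers: Dict[str, str]
    params: Dict[str, str] = field(default_factory=dict)
    body: str = ""


def check_request(req: Request) -> List[str]:
    """Return the names of the rules a request violates; an empty list means allow."""
    violations: List[str] = []

    def flag(tag: str) -> None:
        if tag not in violations:
            violations.append(tag)

    # 1. Size thresholds for the pieces of the request
    if len(req.url) > LIMITS["url_length"]:
        flag("url_length")
    if len(req.headers) > LIMITS["header_count"]:
        flag("header_count")
    if any(len(v) > LIMITS["header_value_length"] for v in req.headers.values()):
        flag("header_value_length")
    if len(req.body) > LIMITS["body_length"]:
        flag("body_length")
    if len(req.params) > LIMITS["parameter_count"]:
        flag("parameter_count")

    # 2. Content signatures, applied to parameters, header values and the body
    sources = (("param", list(req.params.values())),
               ("header", list(req.headers.values())),
               ("body", [req.body]))
    for location, values in sources:
        for value in values:
            for name, pattern in SIGNATURES.items():
                if pattern.search(value):
                    flag(f"{name}:{location}")

    # 3. CSRF: state-changing requests must carry an Origin we trust (missing counts as failure)
    if req.method in STATE_CHANGING and req.headers.get("Origin") not in ALLOWED_ORIGINS:
        flag("csrf:origin")

    return violations


# Constructed sample traffic for the demo.
BENIGN = Request("GET", "/search", {"Host": "app.example"}, {"q": "running shoes"})
SQLI = Request("POST", "/login", {"Host": "app.example", "Origin": "https://app.example"},
               {"user": "admin' OR '1'='1", "pw": "x"})
XSS = Request("GET", "/comment", {"Host": "app.example"}, {"text": "<script>alert(1)</script>"})
CSRF = Request("POST", "/transfer", {"Host": "app.example", "Origin": "https://evil.example"},
               {"to": "acct-9", "amount": "500"})
OVERSIZED = Request("GET", "/a?" + "x" * 3000, {"Host": "app.example"})

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("sqli", SQLI), ("xss", XSS),
                       ("csrf", CSRF), ("oversized", OVERSIZED)):
        print(f"{label:10s} {req.method} {req.url[:30]:30s} -> {check_request(req) or 'allow'}")
```

The size checks run first and cost nothing, which is the point of the thresholds the article mentions: a request that is too large to be legitimate never reaches the signature engine, let alone the application.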

Use Virtual Private Networks (VPNs) to Secure Data

You should assume that any communications over public networks can and will be intercepted. Therefore, agencies of all sizes should implement IPsec VPNs to prevent snooping and data theft, as well as to address compliance. Though it’s no guarantee your data will be protected, you should still encrypt sensitive data sent over the Internet using IPsec encryption.

While IPsec is a mature and well understood technology, new networking paradigms like cloud computing, as well as escalating bandwidth requirements, are compelling large enterprises and service providers to rethink their VPN strategies. As a result, agencies need to develop VPN architectures that can:

If you store sensitive data in databases or files, be sure to track all activity including access and changes. This will help detect anomalous activity, prevent illicit access and measure the impact of an intrusion if an incident does occur. For instance, if someone requests every credit card record, accesses large quantities of data at once or during unusual times of day or escalates their privileges, it could indicate a cyber attack is underway. Monitoring and auditing user access to sensitive data ensures there is a trail to link security violations to specific user names.
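The indicators listed in that paragraph (bulk record pulls, unusually large volumes, off-hours access and privilege changes) map directly onto rules that can be run over a database audit trail. The example below is added here and is not code from the article; it parses a constructed, whitespace-separated audit log (timestamp, user, action, object, row count) and raises one alert per rule hit, with per-user, per-hour volume tracked across lines. The log lines, field layout and thresholds are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime
from typing import List, Tuple

# Constructed sample audit trail (not real data). One record per line:
#   <ISO timestamp> <db user> <action> <object> <rows returned or affected>
SAMPLE_LOG = """\
2024-03-04T09:12:31 alice SELECT customers 12
2024-03-04T09:15:02 alice SELECT orders 40
2024-03-04T02:47:55 bob SELECT card_numbers 1
2024-03-04T10:03:10 carol SELECT card_numbers 250000
2024-03-04T10:05:44 dave GRANT role_dba 0
2024-03-04T10:30:00 erin SELECT customers 6000
2024-03-04T10:31:00 erin SELECT customers 6000
2024-03-04T10:32:00 erin SELECT customers 6000
"""

# Thresholds are assumptions for the example; in practice they are tuned per data set.
BUSINESS_HOURS = range(7, 19)          # 07:00 to 18:59 is considered normal
MAX_ROWS_PER_QUERY = 100_000           # a single query above this is a bulk export
MAX_ROWS_PER_USER_HOUR = 15_000        # cumulative rows per user per clock hour
PRIVILEGE_ACTIONS = {"GRANT", "ALTER_ROLE", "CREATE_USER"}


def parse_line(line: str):
    """Split one audit record into (timestamp, user, action, object, rows)."""
    ts, user, action, obj, rows = line.split()
    return datetime.fromisoformat(ts), user, action, obj, int(rows)


def detect(log_text: str) -> List[Tuple[str, str]]:
    """Return (user, rule) alerts in the order they fire while reading the log."""
    alerts: List[Tuple[str, str]] = []
    rows_per_user_hour = defaultdict(int)
    already_flagged = set()

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj, rows = parse_line(line)

        # Access at an unusual time of day
        if ts.hour not in BUSINESS_HOURS:
            alerts.append((user, "off_hours"))

        # One query pulling a very large number of records (e.g. every card record)
        if rows > MAX_ROWS_PER_QUERY:
            alerts.append((user, "bulk_export"))

        # Privilege escalation
        if action in PRIVILEGE_ACTIONS:
            alerts.append((user, "privilege_change"))

        # Large quantities of data accumulated over many smaller queries in one hour
        key = (user, ts.strftime("%Y-%m-%dT%H"))
        rows_per_user_hour[key] += rows
        if rows_per_user_hour[key] > MAX_ROWS_PER_USER_HOUR and key not in already_flagged:
            already_flagged.add(key)
            alerts.append((user, "high_volume"))

    return alerts


if __name__ == "__main__":
    for user, rule in detect(SAMPLE_LOG):
        print(f"ALERT {rule:17s} user={user}")
```

Because every alert carries the user name taken from the audit record, the output is exactly the kind of trail the paragraph asks for: each violation is tied to a specific account rather than to an anonymous connection.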

Train Employees on Security Best Practices

Your own employees will often be your weakest security links. Therefore, it’s important for organizations to educate their teams and enforce best practices, such as choosing a strong password, to prevent advanced cyber attacks.

Users should also be instructed to identify social engineering attacks, phishing threats and other malicious activity. Otherwise, they’ll likely become a victim. – TradeArabia News Service